From patchwork Mon Nov 24 10:12:15 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arturo Borrero X-Patchwork-Id: 413602 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 141C314012B for ; Mon, 24 Nov 2014 21:12:34 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753369AbaKXKMb (ORCPT ); Mon, 24 Nov 2014 05:12:31 -0500 Received: from smtp3.cica.es ([150.214.5.190]:48956 "EHLO smtp.cica.es" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1750871AbaKXKMa (ORCPT ); Mon, 24 Nov 2014 05:12:30 -0500 Received: from localhost (unknown [127.0.0.1]) by smtp.cica.es (Postfix) with ESMTP id 2E93151F0A4; Mon, 24 Nov 2014 10:12:28 +0000 (UTC) X-Virus-Scanned: amavisd-new at cica.es Received: from smtp.cica.es ([127.0.0.1]) by localhost (mail.cica.es [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8oqLxVQhhdEc; Mon, 24 Nov 2014 11:12:18 +0100 (CET) Received: from nfdev.cica.es (nfdev.cica.es [IPv6:2a00:9ac0:c1ca:31::220]) by smtp.cica.es (Postfix) with ESMTP id 3521951EF44; Mon, 24 Nov 2014 11:12:17 +0100 (CET) Subject: [iptables PATCH] iptables: nft: create a separated object update type to rename chains From: Arturo Borrero Gonzalez To: netfilter-devel@vger.kernel.org Cc: giuseppelng@gmail.com, pablo@netfilter.org Date: Mon, 24 Nov 2014 11:12:15 +0100 Message-ID: <20141124101214.24914.2030.stgit@nfdev.cica.es> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org This patch adds an explicit object update type to rename chains, so we avoid calling the nf_tables API with NLM_F_EXCL. Signed-off-by: Arturo Borrero Gonzalez --- iptables/nft.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/iptables/nft.c b/iptables/nft.c index baaef3e..568faa1 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -253,6 +253,7 @@ enum obj_update_type { NFT_COMPAT_CHAIN_USER_ADD, NFT_COMPAT_CHAIN_USER_DEL, NFT_COMPAT_CHAIN_UPDATE, + NFT_COMPAT_CHAIN_RENAME, NFT_COMPAT_RULE_APPEND, NFT_COMPAT_RULE_INSERT, NFT_COMPAT_RULE_REPLACE, @@ -1457,10 +1458,15 @@ int nft_chain_user_rename(struct nft_handle *h,const char *chain, uint64_t handle; int ret; + nft_fn = nft_chain_user_add; + /* If built-in chains don't exist for this table, create them */ if (nft_xtables_config_load(h, XTABLES_CONFIG_DEFAULT, 0) < 0) nft_xt_builtin_init(h, table); + /* Config load changed errno. Ensure genuine info for our callers. */ + errno = 0; + /* Find the old chain to be renamed */ c = nft_chain_find(h, table, chain); if (c == NULL) { @@ -1479,7 +1485,7 @@ int nft_chain_user_rename(struct nft_handle *h,const char *chain, nft_chain_attr_set_u64(c, NFT_CHAIN_ATTR_HANDLE, handle); if (h->batch_support) { - ret = batch_chain_add(h, NFT_COMPAT_CHAIN_USER_ADD, c); + ret = batch_chain_add(h, NFT_COMPAT_CHAIN_RENAME, c); } else { char buf[MNL_SOCKET_BUFFER_SIZE]; struct nlmsghdr *nlh; @@ -2225,6 +2231,10 @@ static int nft_action(struct nft_handle *h, int action) NLM_F_CREATE : 0, seq++, n->chain); break; + case NFT_COMPAT_CHAIN_RENAME: + nft_compat_chain_batch_add(h, NFT_MSG_NEWCHAIN, 0, + seq++, n->chain); + break; case NFT_COMPAT_RULE_APPEND: nft_compat_rule_batch_add(h, NFT_MSG_NEWRULE, NLM_F_CREATE | NLM_F_APPEND,